Unfortunately, in both public and private data networks, it is not unusual for a data communications transaction to be dropped. For example, a transaction may be lost because a communication device, such as a traffic manager, fails. This may not be a serious problem for some data communications. Some networks include redundancy to account for these types of problems such that, when a device fails, the traffic previously routed through the failed device can be rerouted through the redundant system or systems. To protect against loss of such transactions, some networks may employ standby or backup devices that continuously mirror each other's communication operations. With such mirroring, when an active device fails, the traffic can be immediately routed through the backup device, which, because it has been mirroring the communications, can continue managing the transaction from the point at which the active system failed. For example, transmission control protocol (TCP) transactions can be successfully mirrored with device mirroring so that devices may fail without disrupting any transactions.
Transaction mirroring, however, does not work in all contexts. For example, transaction mirroring does not work with the secure sockets layer (SSL) protocol. Using SSL, a client and a communications server perform a handshake in which a secret or symmetrical key is created for the session. The secret is securely transmitted from the server to the client using public key infrastructure (PKI) to encrypt the secret. The secret is then used by both the communications server and the client to encrypt and decrypt communications between them throughout the balance of the transaction. The secret is based on a value, such as a randomly-generated number, to provide a reasonable level of security for the transaction with relatively low encryption overhead as compared to using PKI throughout the transaction.
Unfortunately, if the communications server fails in the midst of an SSL transaction, for example, the transaction will be lost. The secret is shared by only the communications server and the client; if the communications server fails, the secret, in effect, dies with the communications server. Without the key, another communications server cannot take over and continue the session because the encrypted communication will not be comprehensible to it.
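The failure described above can be shown in a short model. This is an added example, not code from the original text: the `Server` class, the `failover` function and the record contents are hypothetical, and the record protection is a toy stand-in (SHAKE-256 keystream plus HMAC-SHA256) for SSL's real record layer, used only so the example runs on the Python standard library. The `failover(True)` call is a control case showing that the session secret is the only piece the standby lacks.

```python
import hashlib
import hmac
import os

# Toy record protection, NOT SSL's real record layer: one key is used for
# both the keystream and the MAC purely to keep the model short.
def _mac(key, seq, ct):
    return hmac.new(key, seq.to_bytes(8, "big") + ct, hashlib.sha256).digest()

def _xor(key, seq, data):
    stream = hashlib.shake_256(key + seq.to_bytes(8, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, seq, plaintext):
    ct = _xor(key, seq, plaintext)
    return ct + _mac(key, seq, ct)

def open_record(key, seq, record):
    ct, tag = record[:-32], record[-32:]
    if not hmac.compare_digest(tag, _mac(key, seq, ct)):
        raise ValueError("record MAC check failed")
    return _xor(key, seq, ct)

class Server:
    """Hypothetical model of the per-session state one server holds."""
    def __init__(self, key):
        self.key, self.next_seq = key, 0

    def receive(self, record):
        plaintext = open_record(self.key, self.next_seq, record)
        self.next_seq += 1
        return plaintext

def failover(standby_has_secret):
    secret = os.urandom(32)              # created in the client/active handshake
    active = Server(secret)
    # The standby never saw the handshake; any key it holds is not this session's.
    standby = Server(secret if standby_has_secret else os.urandom(32))
    active.receive(seal(secret, 0, b"constructed record 0"))
    standby.next_seq = active.next_seq   # mirroring replicates stream position
    record1 = seal(secret, 1, b"constructed record 1")  # arrives after the failure
    try:
        return standby.receive(record1)
    except ValueError:
        return None                      # session cannot be continued

if __name__ == "__main__":
    print("mirrored state only:", failover(False))
    print("control, secret present:", failover(True))
```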